Using 6773 out of 29688 bytes ! ! Last configuration change at 15:34:57 Cooks Wed Jun 20 2007 by philip ! NVRAM config last updated at 15:37:23 Cooks Wed Jun 20 2007 by philip ! version 12.4 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption ! hostname pacnog3-gw ! boot-start-marker boot-end-marker ! logging buffered 8192 debugging no logging console enable secret ! aaa new-model aaa authentication login default local aaa authentication enable default enable ! aaa session-id common clock timezone Cooks -10 no network-clock-participate slot 1 no network-clock-participate wic 0 ip icmp rate-limit unreachable DF 1000 ip spd mode aggressive ip wccp web-cache redirect-list 130 group-list 50 ip cef ! no ip dhcp use vrf connected ip dhcp excluded-address 202.65.42.1 202.65.42.47 ip dhcp excluded-address 202.65.42.240 202.65.42.255 ! ip dhcp pool PACNOG network 202.65.42.0 255.255.255.0 default-router 202.65.42.254 domain-name conference.pacnog.org dns-server 202.65.42.252 lease 0 4 ! ip dhcp pool PRINTER host 202.65.42.253 255.255.255.0 client-identifier 0100.8077.3cb6.cc default-router 202.65.42.254 domain-name conference.pacnog.org dns-server 202.65.32.127 202.65.32.128 ! ip dhcp pool AP1 host 202.65.42.240 255.255.255.0 client-identifier 0100.1601.7f6a.b4 default-router 202.65.42.254 domain-name conference.pacnog.org dns-server 202.65.32.127 202.65.32.128 ! ip dhcp pool AP2 host 202.65.42.241 255.255.255.0 client-identifier 0100.1601.7fe2.3e default-router 202.65.42.254 domain-name conference.pacnog.org dns-server 202.65.32.127 202.65.32.128 ! ip domain name conference.pacnog.org ip name-server 202.65.32.128 ip name-server 202.65.32.127 ! ipv6 unicast-routing ipv6 general-prefix pacnog 6to4 FastEthernet0/0 ipv6 cef ! username philip secret ! interface Tunnel2002 no ip address no ip redirects ipv6 address pacnog ::1/64 ipv6 traffic-filter ipv6-in in ipv6 traffic-filter ipv6-out out tunnel source FastEthernet0/0 tunnel mode ipv6ip 6to4 ! interface Null0 no ip unreachables ! interface FastEthernet0/0 description Telecom Cooks Link ip address 202.65.32.7 255.255.255.0 ip access-group 100 in ip access-group 101 out ip flow ingress ip flow egress duplex auto speed auto ! interface Serial0/0 no ip address shutdown ! interface FastEthernet0/1 description PacNOG Workshop Backbone LAN ip address 202.65.42.254 255.255.255.0 ip wccp web-cache redirect in duplex auto speed auto ipv6 address pacnog ::1:0:0:0:1/64 ipv6 flow ingress ipv6 flow egress ! interface Serial0/1 no ip address shutdown ! ip route 0.0.0.0 0.0.0.0 202.65.32.4 ip route 10.0.0.0 255.0.0.0 Null0 254 ip route 169.254.0.0 255.255.0.0 Null0 254 ip route 172.16.0.0 255.240.0.0 Null0 254 ip route 192.168.0.0 255.255.0.0 Null0 254 ! no ip http server no ip http secure-server ! access-list 50 permit 202.65.42.252 access-list 98 permit 202.65.42.0 0.0.0.255 access-list 98 deny any log access-list 99 deny any log access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any echo access-list 100 permit icmp any any ttl-exceeded access-list 100 permit icmp any any unreachable access-list 100 deny icmp any any access-list 100 deny tcp any any eq 445 access-list 100 deny tcp any any eq 135 access-list 100 deny tcp any any eq 139 access-list 100 deny udp any any eq netbios-dgm access-list 100 deny udp any any eq netbios-ns access-list 100 deny tcp any any eq www access-list 100 deny tcp any any eq 1080 access-list 100 deny tcp any any eq 3127 access-list 100 deny tcp any any eq 3128 access-list 100 deny tcp any any eq 1433 access-list 100 deny tcp any any eq 4662 access-list 100 deny udp any any eq 6881 access-list 100 deny udp any eq 6881 any access-list 100 deny tcp any any eq 8080 access-list 100 permit tcp any any established access-list 100 permit tcp any any eq 22 access-list 100 permit tcp any any eq bgp access-list 100 permit udp any any eq domain access-list 100 permit tcp any any eq domain access-list 100 permit tcp any any eq ident access-list 100 permit udp any any eq ntp access-list 100 permit udp any eq ntp any access-list 100 permit udp any eq isakmp any access-list 100 deny udp any any eq 2049 access-list 100 permit udp any any gt 1023 access-list 100 permit ipinip any any access-list 100 permit 41 any any access-list 100 permit esp any any access-list 100 permit gre any any access-list 100 deny ip any any log access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any echo access-list 101 permit icmp any any ttl-exceeded access-list 101 permit icmp any any unreachable access-list 101 deny icmp any any access-list 101 deny udp any any eq netbios-ns access-list 101 deny tcp any any eq 135 access-list 101 deny tcp any any eq 139 access-list 101 deny udp any any eq netbios-dgm access-list 101 deny udp any eq 6881 any access-list 101 deny udp any any eq 6881 access-list 101 permit ipinip any any access-list 101 permit 41 any any access-list 101 permit esp any any access-list 101 permit gre any any access-list 101 permit ip any any access-list 130 deny ip host 202.65.42.252 any access-list 130 permit ip any any ipv6 route 2002::/16 Tunnel2002 ipv6 route ::/0 2002:806B:F0FE::1 ! ipv6 access-list ipv6-in deny tcp any any eq 135 deny tcp any any eq 445 permit icmp any any permit tcp any any established permit tcp any any eq 22 permit tcp any any eq www permit tcp any any eq smtp permit tcp any any eq pop3 permit tcp any any eq 143 permit tcp any any eq 5901 permit tcp any any eq domain permit udp any any eq domain permit udp any any eq ntp permit udp any any eq 5 permit udp any eq isakmp any eq isakmp deny udp any any eq 2049 permit udp any any gt 1023 deny ipv6 any any log ! ipv6 access-list ipv6-out deny udp any any eq netbios-ns deny udp any any eq netbios-dgm permit ipv6 any any ! ipv6 access-list vty deny ipv6 any any log ! control-plane ! banner login ^C Unauthorised access prohibited. Disconnect immediately if not authorised. ^C ! line con 0 transport preferred none line aux 0 line vty 0 4 ipv6 access-class vty in transport preferred none transport input ssh transport output telnet ssh line vty 5 15 ipv6 access-class vty in transport preferred none transport input ssh transport output telnet ssh ! ntp clock-period 17208395 ntp server 192.5.41.40 ntp server 192.36.143.150 ! end